Hello,
I need some help from experts. I am testing a site I have created. I have an issue with login system. It worked fine using XAMPP on my computer but when I uploaded to a live server, login has been a problem.

This is what I get when I try to login.

"The page isn’t redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies."

The login script is below

<?php
if(isset($_POST['login-submit'])){
    include 'dbh.inc.php';
    $mailuid = $_POST['mailuid'];
    $password = $_POST['login-password'];

    if(empty($mailuid)){
        header("Location: ../login.php?error=emptymailuid");
        exit();
    }
    if(empty($password)){
        header("Location: ../login.php?error=pwdempty");
        exit();
    } 

  $sql = "SELECT * FROM users WHERE usersEmail=? OR usersUsername=?";
  $stmt = mysqli_stmt_init($conn);
  if(!mysqli_stmt_prepare($stmt,$sql)){
      header("Location: ../login.php?error=sqlError");
      exit();
  }else{
      mysqli_stmt_bind_param($stmt,"ss",$mailuid,$mailuid);
      mysqli_stmt_execute($stmt);
      $result = mysqli_stmt_get_result($stmt);
      $resultCheck = mysqli_num_rows($result);
      if($resultCheck > 0){
         if($row = mysqli_fetch_assoc($result)){
            $isActive = $row['usersActive']; 
           if($isActive == "Yes"){
               $passwordCheck = password_verify($password,$row['usersPassword']);
             if($passwordCheck == false){
                 header("Location: ../login.php?error=wrongpwd");
                 exit();
             }else if($passwordCheck == true){
                 session_start();
                 $_SESSION['id'] = $row['usersID'];
                 $_SESSION['userId'] = $row['usersUsername'];
                 $_SESSION['email'] = $row['usersEmail'];
                 $location = "Location: ../index.php";
                   header($location);
                 exit();
             }  
           }else{
               header("Location: ../login.php?error=notActive");
           }
         } 
      }else{
          header("Location: ../login.php?error=noUser");
          exit();
      }
  } 
}else{
    header("Location: ../login.php");
    exit();
}
?>

Thanks guys

Try using full paths (beginning with https://...) in the header redirects.

Hi, Thanks for me the message. I did what you suggested but it still didn't work. I tested all my script locally using xampp. Everything was cool. I started getting this issue when I uploaded the files to a live server.

<?php
if(isset($_POST['login-submit'])){
    include 'dbh.inc.php';
    $mailuid = $_POST['mailuid'];
    $password = $_POST['login-password'];

    if(empty($mailuid)){
        header("Location: ../login.php?error=emptymailuid");
        exit();
    }
    if(empty($password)){
        header("Location: ../login.php?error=pwdempty");
        exit();
    } 

  $sql = "SELECT * FROM users WHERE usersEmail=? OR usersUsername=?";
  $stmt = mysqli_stmt_init($conn);
  if(!mysqli_stmt_prepare($stmt,$sql)){
      header("Location: ../login.php?error=sqlError");
      exit();
  }else{
      mysqli_stmt_bind_param($stmt,"ss",$mailuid,$mailuid);
      mysqli_stmt_execute($stmt);
      $result = mysqli_stmt_get_result($stmt);
      $resultCheck = mysqli_num_rows($result);
      if($resultCheck > 0){
         if($row = mysqli_fetch_assoc($result)){
            $isActive = $row['usersActive']; 
           if($isActive == "Yes"){
               $passwordCheck = password_verify($password,$row['usersPassword']);
             if($passwordCheck == false){
                 header("Location: ../login.php?error=wrongpwd");
                 exit();
             }else if($passwordCheck == true){
                 session_start();
                 $_SESSION['id'] = $row['usersID'];
                 $_SESSION['userId'] = $row['usersUsername'];
                 $_SESSION['email'] = $row['usersEmail'];
                 //location
                   header("Location:http: //marksmandigital.net/index.php");
                 exit();
             }  
           }else{
               header("Location: ../login.php?error=notActive");
           }
         } 
      }else{
          header("Location: ../login.php?error=noUser");
          exit();
      }
  } 
}else{
    header("Location: ../login.php");
    exit();
}
?>

To me it looks odd to have a space here and there. Specifically line 40 with that space after http:

Are you sure that space is needed there? Looks wrong. And https://www.php.net/manual/en/function.header.php seems to agree.

-> One other thing. I don't see http: often as everyone moved to secure web sites. (HTTPS)

Check out that space and then I think we need to discuss name and password security. Passing such over HTTP would be ripe for a data leak.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.